Security Special Issue 01|OKX Web3 & SlowMist: Experience Sharing of "Hundreds of Scams"

24-05-16 14:10
Original source: OKX


Introduction | OKX Web3 has planned the "Security Special Issue" column to answer different types of on-chain security questions. Starting from real cases that have happened to users, we work with experts and institutions in the security field to share and answer from different perspectives, sorting out and summarizing the rules of safe transactions from the basic to the advanced. The aim is to strengthen user security education while helping users learn to protect their private keys and wallet assets themselves.


One day, someone suddenly gives you the private key to a wallet address worth $1 million. Would you want to transfer the money immediately?


If you do, then this article is tailor-made for you.


This article is the first issue of OKX Web3's "Security Special Issue". We invited well-known security organizations in the crypto industry, the SlowMist Security Team and the OKX Web3 Security Team, which have experienced "hundreds of frauds", to share their experience based on real cases encountered by users. It is full of practical information!



SlowMist Security Team: Thank you very much for the invitation from OKX Web3. As an industry-leading blockchain security company, SlowMist mainly serves customers through security audits and anti-money laundering tracking and tracing, and has built a solid threat intelligence cooperation network. In 2023, SlowMist assisted customers, partners and public hacking incidents in freezing funds totaling more than 12.5 million US dollars. I hope to keep producing valuable work, with awe for the industry and for security.


OKX Web3 Security Team: Hello everyone, I am very happy to be able to share this. The OKX Web3 security team is mainly responsible for the security capacity building of the OKX Web3 wallet, providing multiple protection services such as product security, user security, and transaction security. While protecting the security of user wallets 24/7, it also contributes to maintaining the security ecosystem of the entire blockchain.


Q1: Can you share some real theft cases?


SlowMist Security Team: First, most cases happen because users store private keys or mnemonics online. For example, users often use cloud storage services such as Google Docs, Tencent Docs, Baidu Cloud, WeChat Collection, and Memos to store private keys or mnemonics. Once these platform accounts are hacked


Second, private keys are leaked after users download fake apps. For example, the multi-signature scam is one of the most typical cases. Fraudsters induce users to download fake wallets and steal wallet mnemonics, and then immediately modify the account permissions of the user's wallet: they change the wallet account permissions from the user himself to the user and the fraudster, thereby seizing control of the wallet account. Such fraudsters tend to be patient and wait for the user's account to accumulate a certain amount of crypto assets before transferring them all at once.


OKX Web3 Security Team: SlowMist has outlined the two main situations of private key theft. The second type, where fraudsters use fake apps to steal user private keys, is essentially a Trojan program. This type of Trojan program steals user private keys by obtaining permissions to access user input methods, photos, etc. Compared with iOS users, Android users encounter more Trojan virus attacks. Here are two simple cases:


Case 1: A user reported that his wallet assets were stolen. After our team communicated with the user and investigated, it was found that he had previously downloaded and installed a disguised data platform software through Google search, which was a Trojan program. However, when users searched for the platform software, its link appeared in the top 5 of Google search results, causing users to mistakenly think it was official software. In fact, many users do not identify the links provided by Google, so it is easy to encounter Trojan attacks in this way. We recommend that users perform daily security protection through firewalls, antivirus software, and Hosts configuration.


Case 2: Users reported that their wallet assets were stolen when they invested in a DeFi project. However, through our analysis and investigation, we found that there was no problem with the DeFi project itself. User B's wallet assets were stolen because he was targeted by the official customer service of the DeFi project when he commented on the project on Twitter. Under the guidance of the fake customer service, he clicked on the fake link and entered the mnemonic, which led to the theft of wallet assets.


It can be seen that the scammers' methods are not sophisticated, but users need to improve their awareness of identification and should not easily disclose their private keys under any circumstances. In addition, our wallet has issued a security risk warning for the malicious domain name.


Q2: Is there a best way to keep private keys? What alternatives are there to reduce reliance on private keys?


SlowMist Security Team: Private keys or mnemonics are actually a single point of failure. Once stolen or lost, they are difficult to recover. At present, new technologies such as secure multi-party computation (MPC), social authentication technology, Seedless/Keyless, pre-execution and zero-knowledge proof technology are helping users reduce their dependence on private keys.


Take MPC as an example. First, MPC technology means that all participants perform complex joint calculations to complete a task, while their data remains private and secure and is not shared with other participants. Second, MPC wallets, generally speaking, use MPC technology to securely split a private key into multiple pieces, which are jointly managed by multiple parties; or multiple parties simply generate a virtual key jointly. The latter may be more common because, in that case, no one has ever seen the complete private key. In short, the core idea of MPC is to disperse control rights in order to disperse risks or improve disaster preparedness, effectively avoiding security issues such as single points of failure.


Note that MPC involves a term called Keyless, which can be understood as "without mnemonics" or "without private keys". But this "without" does not mean that there is no key in the actual sense; it means that users do not need to back up mnemonics or private keys, and do not perceive their existence. So about Keyless wallets, you need to understand these 3 points:


1. During the creation of a Keyless wallet, private keys will not be created or stored at any time or place.


2. When signing a transaction, private keys are not involved, and private keys will not be reconstructed at any time.


3. Keyless wallets will not generate or save complete private keys and seed phrases at any time.


OKX Web3 Security Team: There is currently no perfect way to keep private keys. However, our security team recommends using hardware wallets, hand-copying and saving private keys, setting up multi-signatures, and decentralized storage of mnemonics to manage private keys. For example, decentralized storage of mnemonics means that users can divide mnemonics into 2 or more groups for storage, reducing the risk of mnemonics being stolen. For another example, setting up multi-signature means that users can select trusted people and sign together to determine the security of the transaction.


Of course, in order to protect the security of the user's wallet private key, the entire underlying OKX Web3 wallet is not connected to the Internet. The user's mnemonics and private key-related information are all encrypted and stored locally on the user's device, and the relevant SDK is also open source, which has been widely verified by the technical community and is more open and transparent. In addition, the OKX Web3 wallet has also conducted strict security audits through cooperation with well-known security organizations such as SlowMist.


In addition, in order to better protect our users, the OKX Web3 security team is providing and planning more powerful security capabilities for private key management, and is continuously iterating and upgrading. Here is a brief sharing:


1. Two-factor encryption. Currently, most wallets usually use the password to encrypt the mnemonic and save the encrypted content locally. However, if the user is infected with a Trojan virus, the Trojan will scan the encrypted content and monitor the password entered by the user. If the scammer monitors it, the encrypted content can be decrypted to obtain the user's mnemonic. In the future, the OKX Web3 wallet will use a two-factor method to encrypt the mnemonic. Even if the scammer obtains the user's password through the Trojan, it will not be able to decrypt the encrypted content.


2. Private key copy security. Most Trojans will steal information from the user's clipboard when the user copies the private key, resulting in the leakage of the user's private key. We plan to help users reduce the risk of private key information theft by increasing the security of the user's private key copying process, such as copying part of the private key, clearing the clipboard information in time, and other methods or functions.


Q3: Starting from the theft of private keys, what are the common phishing methods at present?


SlowMist Security Team: According to our observation, phishing activities are gradually increasing every month.


First, current wallet thieves (Wallet Drainers) pose the main threat to current phishing activities, and continue to attack ordinary users in various forms.


Wallet Drainers are a type of malware related to cryptocurrency. This software is deployed on phishing websites to trick users into signing malicious transactions, thereby stealing user wallet assets. For example, the more active Wallet Drainers are:


1. Pink Drainer, which obtains Discord tokens and conducts phishing through social engineering. Social engineering is generally understood as obtaining users' private information through communication.


2. There is also Angel Drainer, which will conduct social engineering attacks on domain name service providers. After obtaining the relevant permissions of the domain name account, Angel Drainer will modify the DNS resolution and redirect the user to a fake website, etc.


Secondly, the most common one is blind signature phishing. Blind signature means that when a user interacts with a project, he does not know what he needs to sign or authorize, so he clicks the confirmation button without knowing what he is confirming, which leads to the theft of funds. Regarding blind signature phishing, let us give a few examples:


Case 1: For example, eth_sign. eth_sign is an open signature method that allows any hash to be signed, which means that it can be used to sign transactions or any data. It is difficult for users without technical foundation to understand the content of the signature, so there is a certain risk of phishing. Fortunately, more and more wallets have begun to provide security reminders for this type of signature, which can avoid some financial losses to a certain extent.


Case 2: permit signature phishing. We all know that in ERC20 currency transactions, users can call the approve function for authorization, but the permit function allows users to generate signatures off-chain and then authorize designated users to use a certain amount of tokens. Attackers use the permit method to phish. When the victim visits the phishing website, the attacker asks the user to sign the permit authorization through the website. After the user signs, the attacker can get the signed data. The attacker calls the permit function of the token contract and passes in the signature data and then broadcasts it to the chain to obtain the token authorization amount, thereby stealing the user's token.


Case 3: Hidden create2 technique. create2 allows developers to predict the address of a contract before deploying it to the Ethereum network. Based on create2, attackers can generate temporary new addresses for each malicious signature. After deceiving users into granting permission by signing, attackers can create contracts at this address and then transfer users' assets. Because they are blank addresses, these addresses can bypass some phishing plug-ins and the monitoring alarms of security companies, so they are well hidden and users are easily fooled.

In short, for phishing websites, users can identify the official website of the project before interacting, and pay attention to whether there are malicious signature requests during the interaction, and should be wary of submitting mnemonics or private keys, and remember not to leak mnemonics or private keys anywhere.
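
As an added illustration of refusing blind signatures (not code from SlowMist or from any wallet), the example below reviews the two request types from Cases 1 and 2: an eth_sign request and an ERC-2612 permit sent through eth_signTypedData_v4. The one-day deadline threshold, the flag names and the sample request are assumptions constructed for this example.

```python
import json

UINT256_MAX = 2**256 - 1
ONE_DAY = 24 * 3600  # assumed threshold for calling a permit "long-lived"


def _to_int(v):
    """EIP-712 JSON carries integers as numbers, decimal strings or 0x-hex strings."""
    return int(v, 0) if isinstance(v, str) else int(v)


def review_signature_request(method, params, now):
    """Summarise a wallet signature request and list risk flags.

    method/params follow the JSON-RPC shape a dapp sends to the wallet;
    now is the current Unix time, passed in so results are reproducible.
    """
    if method == "eth_sign":
        # params = [account, 32-byte hash]: nothing readable can be shown.
        return {"summary": f"Sign opaque hash {params[1]}",
                "flags": ["blind-signature"]}
    if method != "eth_signTypedData_v4":
        return {"summary": f"Method {method} not reviewed",
                "flags": ["not-reviewed"]}

    account, typed = params
    if isinstance(typed, str):
        typed = json.loads(typed)
    if typed.get("primaryType") != "Permit":
        return {"summary": f"Typed data {typed.get('primaryType')} not reviewed",
                "flags": ["not-reviewed"]}

    msg, domain = typed["message"], typed["domain"]
    value, deadline = _to_int(msg["value"]), _to_int(msg["deadline"])
    flags = ["off-chain-token-approval"]
    if value == UINT256_MAX:
        flags.append("unlimited-allowance")
    if deadline - now > ONE_DAY:
        flags.append("long-lived-deadline")
    if msg["owner"].lower() != account.lower():
        # The permit would be signed for an account other than the connected one.
        flags.append("owner-mismatch")
    amount = "UNLIMITED" if value == UINT256_MAX else str(value)
    summary = (f"Allow {msg['spender']} to spend {amount} base units of token "
               f"{domain['verifyingContract']} on chain {domain['chainId']}")
    return {"summary": summary, "flags": flags}


# Constructed sample requests (addresses and values are made up).
USER = "0x" + "aa" * 20
SPENDER = "0x" + "bb" * 20
TOKEN = "0x" + "cc" * 20
NOW = 1_715_840_000
PERMIT_REQUEST = json.dumps({
    "primaryType": "Permit",
    "domain": {"name": "ExampleToken", "version": "1", "chainId": 1,
               "verifyingContract": TOKEN},
    "message": {"owner": USER, "spender": SPENDER, "value": str(UINT256_MAX),
                "nonce": 0, "deadline": NOW + 365 * ONE_DAY},
})

if __name__ == "__main__":
    for method, params in [("eth_sign", [USER, "0x" + "12" * 32]),
                           ("eth_signTypedData_v4", [USER, PERMIT_REQUEST])]:
        result = review_signature_request(method, params, NOW)
        print(method, "->", result["summary"], result["flags"])
```
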

OKX Web3 Security Team: We have studied common phishing methods and provided multi-dimensional security protection on the product side. Let me briefly share the main types of phishing methods that users have encountered so far:


The first type is fake airdrops. Hackers usually generate addresses whose beginning and end resemble the victim's address, and make small transfers, 0U transfers, or airdrops of fake token transfers to users. Such transactions will be displayed in the user's transaction history. If the user accidentally copies and pastes the wrong address, it will cause asset loss. For this type of attack, the OKX Web3 wallet can identify such historical transactions and mark them with risk tags. At the same time, when the user transfers to such an address, it will issue a security risk prompt.



The second type is the induced signature type. Usually hackers will comment in public places such as the Twitter, Discord and TG channels of well-known projects, and post fake DeFi project URLs or URLs for receiving airdrops to induce users to click, thereby stealing user assets. In addition to the signature phishing mentioned by SlowMist, such as eth_sign, permit and create2, there are also the following:


Method 1: Directly transfer and steal main chain tokens. Hackers often give malicious contract functions misleading names such as Claim and SecurityUpdate, while the actual function logic is empty, thus only transferring the user's main chain tokens. Currently, the OKX Web3 wallet has launched a pre-execution function, which can display asset changes and authorization changes after the transaction is on the chain, and warn users of security risks.


Method 2: On-chain authorization. Hackers usually induce users to sign approve/increaseAllowance/decreaseAllowance/setApprovalForAll transactions, which allow hackers to transfer the user's token assets to a specified address, and monitor the user's account in real time after the user signs, and transfer the corresponding assets immediately once they are transferred in. The security protection process against phishers is a confrontation and a continuous upgrade process.


Although most wallets will perform security risk detection on the authorized addresses of hackers, the attackers' attack methods are also upgrading. For example, using the characteristics of create2, the attacker will pre-calculate the new address. Because the new address is not in the safe black address library, it can easily bypass the security detection. The attacker will wait until the fish is hooked, and then go to the address to deploy the contract and transfer the user's funds. For example, we have recently found that many attackers will make users authorize the uniswap.multicall contract. Because this contract is a contract of a formal project, it can also bypass the detection of security products.


Method 3: Permission change, including tron permission change, solana permission change, etc. First, in the tron permission change, multi-signature is a feature of the tron chain. On many phishing websites, phishers will disguise the transaction that changes account permissions as a transfer transaction. If the user accidentally signs the transaction, the user's account will become a multi-signature account, and the user will lose control of his account. Second, in the solana permission change, the phisher will modify the Owner of the ATA account of the user's token through SetAuthority. Once the user signs the transaction, the owner of the ATA account will become the phisher, so that the phisher can get the user's assets.


Other methods: In addition, due to the design mechanism of the protocol itself and other issues, it is also easy to be exploited by phishers. The queueWithdrawal call of the Ethereum middleware protocol EigenLayer allows other addresses to be specified as withdrawers, and the user was phished into signing the transaction. Seven days later, the designated address obtains the user's pledged assets through completeQueuedWithdrawal.


The third category is uploading mnemonics. Attackers usually provide disguised airdrop projects or fake new listing tools to induce users to upload private keys or mnemonics. See the above for specific cases. In addition, sometimes they are disguised as plug-in wallet pop-ups to induce users to upload mnemonics.
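
A pre-sign screen for the first two phishing types described above (look-alike addresses planted by fake airdrops, and the on-chain authorization calls of Method 2), given here as an added example; it is not OKX Web3 wallet code. The address book, the 4-character match window, the finding tags and all sample addresses are assumptions constructed for illustration.

```python
UINT256_MAX = 2**256 - 1

# 4-byte selectors of the authorization calls named above, plus ERC-20 transfer.
APPROVALS = {
    "095ea7b3": "approve",
    "39509351": "increaseAllowance",
    "a457c2d7": "decreaseAllowance",
    "a22cb465": "setApprovalForAll",
}
ERC20_TRANSFER = "a9059cbb"


def split_calldata(data):
    """Return (selector, [32-byte argument words]) as lowercase hex strings."""
    body = (data or "").lower()
    body = body[2:] if body.startswith("0x") else body
    args = body[8:]
    return body[:8], [args[i:i + 64] for i in range(0, len(args), 64)]


def lookalike_of(addr, address_book, n=4):
    """Return the known address that addr imitates (same first and last n hex
    characters, different overall), or None."""
    a = addr.lower()
    for known in address_book:
        k = known.lower()
        if a != k and a[2:2 + n] == k[2:2 + n] and a[-n:] == k[-n:]:
            return known
    return None


def screen_transaction(to, data, address_book):
    """Return (tag, detail) findings for a transaction the user is about to sign."""
    findings = []
    selector, words = split_calldata(data)
    recipient = None
    if not selector:                        # plain main-chain token transfer
        recipient = to
    elif selector == ERC20_TRANSFER and len(words) >= 2:
        recipient = "0x" + words[0][24:]    # address is the low 20 bytes of word 0
    elif selector in APPROVALS and len(words) >= 2:
        name = APPROVALS[selector]
        grantee, amount = "0x" + words[0][24:], int(words[1], 16)
        if name == "setApprovalForAll":
            if amount:                      # bool true: operator rights granted
                findings.append(("operator-approval",
                                 f"{grantee} may move every token in {to}"))
        else:
            findings.append(("allowance-change",
                             f"{name}({grantee}, {amount}) on token {to}"))
            if amount == UINT256_MAX:
                findings.append(("unlimited-allowance", grantee))
    if recipient and recipient.lower() not in {a.lower() for a in address_book}:
        imitated = lookalike_of(recipient, address_book)
        if imitated:
            findings.append(("lookalike-recipient",
                             f"{recipient} imitates {imitated}"))
    return findings


# Constructed sample data (all addresses are made up).
FRIEND = "0x1234" + "ab" * 16 + "5678"   # an address the user really pays
POISON = "0x1234" + "cd" * 16 + "5678"   # same first/last 4 characters
TOKEN = "0x" + "cc" * 20
SPENDER = "0x" + "bb" * 20
APPROVE_MAX = "0x095ea7b3" + SPENDER[2:].rjust(64, "0") + "f" * 64
TRANSFER_TO_POISON = ("0x" + ERC20_TRANSFER + POISON[2:].rjust(64, "0")
                      + format(10**6, "064x"))

if __name__ == "__main__":
    for to, data in [(TOKEN, APPROVE_MAX), (TOKEN, TRANSFER_TO_POISON),
                     (FRIEND, "0x")]:
        print(screen_transaction(to, data, [FRIEND]))
```
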


Q4: Differentiation of hot wallet and cold wallet attack methods


OKX Web3 Security Team: The difference between hot wallets and cold wallets is that the private keys are stored in different ways. The private keys of cold wallets are generally stored offline, while those of hot wallets are usually stored in a networked environment. Therefore, the security risks for cold wallets and hot wallets will be different. The security risks of hot wallets have been covered comprehensively above and will not be expanded on here.


The security risks of cold wallets mainly include:


First, social engineering and physical attack risks, and transaction process risks. Regarding social engineering and physical attack risks, since cold wallets are usually stored offline, there is a possibility that the attacker may use social engineering means to disguise as a relative or friend to access the cold wallet.


Secondly, as a physical device, it may be damaged or lost. Regarding the transaction process risk, during the transaction process, the cold wallet will also encounter the various airdrops, induced signatures and other attack methods mentioned above.


Q5: As mentioned in the opening, "giving away high-value wallet private keys", what other alternative phishing traps are there?


SlowMist Security Team: Yes, "deliberately giving away high-value wallet private keys" is a very classic case. It appeared many years ago, but people are still deceived by it today. In this scam, the scammer deliberately leaks the private key or mnemonic. After you import the private key or mnemonic into the wallet, the attacker monitors your wallet at all times. Once you transfer ETH, it will be transferred to you immediately. This kind of method takes advantage of the user's greed for small gains. The more people import, the higher the handling fee, and the greater the loss.


Secondly, some users will think "I have nothing worth attacking", and this low defense mentality will make users vulnerable to attack. Anyone's information (such as email, password, bank information, etc.) is valuable to attackers. Some users even think that as long as they don't click on the link in the spam, they will not be threatened, but some phishing emails may implant malware through pictures or attachments.


Finally, we need to have an objective understanding of "security", that is, there is no absolute security. Moreover, the methods of phishing attacks have evolved a lot and developed very quickly. Everyone should continue to learn and improve their self-security awareness to be the most reliable.


OKX Web3 Security Team: Preventing third-party phishing traps is indeed a complex issue, because phishers often take advantage of people's psychological weaknesses and common security negligence. Many people are usually very cautious, but when they encounter a sudden "big pie", they often relax their vigilance and their greed is magnified, which leads to being deceived. In this process, the weaknesses of human nature outweigh technology. Even if there are more security measures, users will ignore them in the short term. In retrospect, they will find that they have been deceived. We must be clear that "there is no free lunch in the world". Always stay vigilant and pay attention to security risks, especially in the dark forest of blockchain.


Q6: Suggestions for users to improve the security of private keys


SlowMist Security Team: Before answering this question, let’s first sort out how general attacks steal users’ assets. Attackers generally steal users’ assets in the following two ways:


Method 1: Trick users into signing malicious transaction data for stealing assets, such as tricking users into authorizing or transferring assets to attackers.

Method 2: Trick users into entering wallet mnemonics on malicious websites or apps, such as tricking users into entering wallet mnemonics on a fake wallet page.


After knowing how the attacker stole the wallet assets, we need to prevent possible risks:


Prevention 1: Try to achieve what you see is what you sign. It is said that the wallet is the key to enter the Web3 world. The most important thing for user interaction is to refuse blind signatures. Before signing, you must identify the signed data and know what the transaction you signed is for, otherwise give up the signature.


Prevention 2: Don't put all your eggs in the same basket. Wallets can be managed in a hierarchical manner according to different assets and usage frequencies, so that the risks of assets are controllable. Wallets participating in activities such as airdrops are used more frequently, so it is recommended to store small assets. Large assets are generally not used frequently. It is recommended to put them in cold wallets and ensure that the network environment and physical environment are safe when using them. If you have the ability, use hardware wallets as much as possible. Since hardware wallets generally cannot directly export mnemonics or private keys, the threshold for the theft of mnemonics and private keys can be increased.


Prevention 3: Various phishing techniques and incidents emerge in an endless stream. Users must learn to identify various phishing techniques on their own, improve safety awareness, educate themselves to avoid being deceived, and master self-rescue capabilities.


Prevention 4: Don't be anxious or greedy, and verify from multiple parties. In addition, if users want to learn more about asset management solutions, they can refer to the "Crypto Asset Security Solution" produced by SlowMist. To learn more about security awareness and self-education, they can refer to the "Blockchain Dark Forest Self-Rescue Manual".


OKX Web3 Security Team: Private keys are the only credentials for accessing and controlling wallet encrypted assets. It is crucial to protect the security of wallet private keys.


Prevention 1: Understand your DApp. When investing in on-chain DeFi, you must have a comprehensive understanding of the DApps you use to prevent asset losses caused by accessing fake DApps. Although our OKX Web3 wallet has conducted risk detection and prompts for DApps with multiple strategies, attackers will continue to update their attack methods and bypass security risk detection. Users must keep their eyes open when investing.


Prevention 2: Understand your signature. When signing on-chain transactions, users must confirm the transactions and ensure that they understand the details of the transactions. They must be cautious about transactions that they do not understand and do not sign blindly. The OKX Web3 wallet will parse on-chain transactions and offline signatures, simulate execution, and display the results of asset changes and authorization changes. Before trading, users can focus on the results to see if they meet expectations.


Prevention 3: Understand the software you download. When downloading auxiliary trading and investment software, make sure that it is downloaded from the official platform, and use antivirus software to scan it in time after downloading. If you download malicious software, the Trojan will obtain the user's mnemonic or private key by taking screenshots, monitoring the clipboard, scanning memory, and uploading cache files.


Prevention 4: Improve security awareness and keep private keys properly. Try not to copy important information such as mnemonics and private keys, do not take screenshots, and do not save such information to a third-party cloud platform.


Prevention 5: Strong passwords & multi-signatures. When using passwords, users should increase the complexity of passwords as much as possible to prevent hackers from brute-forcing them after obtaining private key encrypted files. During the transaction process, if there is a multi-signature mechanism, it must be used. In this way, if one party's mnemonics or private keys are leaked, it will not affect the overall transaction.


